diff --git a/.gitignore b/.gitignore index d2b88d7..a0b72fa 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ /cjdns-v20.4.tar.gz /python-cjdns-0.1.tar.gz /cjdns-v20.5.tar.gz +/cjdns-v20.6.tar.gz diff --git a/cjdns.README_Fedora.md b/cjdns.README_Fedora.md index 7f8430b..397f10c 100644 --- a/cjdns.README_Fedora.md +++ b/cjdns.README_Fedora.md @@ -45,10 +45,11 @@ cannot [insert standard cryptography disclaimer] be spoofed. Most mesh VPNs decrypt packets before routing to a new node. This means that if a relay node is compromised in a conventional VPN, it can see and even alter packets. All cjdns packets are end to end encrypted - relay nodes are untrusted. Cjdns is -source routed, there is no centralized routing. If a node is "blackholing" -your packets for some reason - simply doesn't route through that node anymore. -(But see Security below.) The usual security problems with source routing -don't apply because cjdns IPs can't be (easily) spoofed. +source routed, there is no centralized routing (an option for chosen route +servers is slated for future implementation). If a node is "blackholing" +your packets for some reason - cjdns simply doesn't route through that node +anymore. (But see Security below.) The usual security problems with source +routing don't apply because cjdns IPs can't be (easily) spoofed. ## Startup @@ -80,9 +81,6 @@ can speed this up dramatically with: The resume service restarts cjdns when the system wakes up from sleep. -For rhel6, use ```start cjdns``` instead of systemctl - ditto for restart -and stop. - ## Security By default, Fedora Workstation will treat the tun device created by cjdroute as 
@@ -103,7 +101,8 @@ are more cumbersome. The Distributed Hash Table algorithm is a core component of cjdns - which is vulnerable to a Denial of Service attack known as "Sybil". This attack can block specific updates to the DHT - to prevent your node from joining a mesh, -for instance. +for instance. The Sybil attack is less effective because Cjdns uses +chosen peers. Simply cut off abusive peers. On the positive side, you can safely use telnet to cjdns IPs and the http protocol is automatically encrypted (but you need a secure DNS or raw ip to be @@ -150,7 +149,7 @@ http_access allow adultpcs You may install a network service that depends on cjdns, for instance you might install thttpd to serve up -[nodeinfo.json](https://docs.meshwith.me/en/cjdns/nodeinfo.json.html). If +[nodeinfo.json](https://github.com/hyperboria/docs/blob/master/cjdns/nodeinfo-json.md). If thttpd is configured to listen only on your cjdns IP, then it will not start until cjdns is up and running. Add ```After=cjdns-wait-online.service``` to ```thttpd.service``` to hold off starting the service until cjdns has the diff --git a/cjdns.fuzz.patch b/cjdns.fuzz.patch index 878f7c6..d071a7c 100644 --- a/cjdns.fuzz.patch +++ b/cjdns.fuzz.patch 
@@ -1,14 +1,46 @@ diff -up ./test/Main_fuzz_test.c.fuzz ./test/Main_fuzz_test.c ---- ./test/Main_fuzz_test.c.fuzz 2019-05-08 19:31:34.995364838 -0400 -+++ ./test/Main_fuzz_test.c 2019-05-08 19:31:51.955608910 -0400 -@@ -59,8 +59,8 @@ static Iface_DEFUN incomingTun(struct Me +--- ./test/Main_fuzz_test.c.fuzz 2020-04-09 14:01:51.000000000 -0400 ++++ ./test/Main_fuzz_test.c 2020-04-14 17:17:24.101260879 -0400 +@@ -60,8 +60,8 @@ static Iface_DEFUN incomingTun(struct Me static void notLinkedYet(struct Context* ctx) { uint64_t now = Time_currentTimeMilliseconds(ctx->base); - if ((now - ctx->startTime) > 5000) { - Assert_failure("Failed to link in 5 seconds"); -+ if ((now - ctx->startTime) > 100000) { ++ if ((now - ctx->startTime) > 200000) { + Assert_failure("Failed to link in 100 seconds"); } } +diff -up ./util/test/Seccomp_test.c.fuzz ./util/test/Seccomp_test.c +--- ./util/test/Seccomp_test.c.fuzz 2020-04-15 20:21:02.563170274 -0400 ++++ ./util/test/Seccomp_test.c 2020-04-15 22:32:21.633653339 -0400 +@@ -61,6 +61,10 @@ static void timeout(void* vNULL) + { + Assert_true(!"timed out"); + } ++static void timeout2(void* vNULL) ++{ ++ Assert_true(!"time out 2"); ++} + + static int child(char* pipeName, struct Allocator* alloc, struct Log* logger) + { +@@ -70,7 +74,7 @@ static int child(char* pipeName, struct + pipe->logger = logger; + pipe->userData = alloc; + +- Timeout_setTimeout(timeout, eb, 2000, eb, alloc); ++ Timeout_setTimeout(timeout, eb, 8000, eb, alloc); + EventBase_beginLoop(eb); + + return 0; +@@ -120,7 +124,7 @@ int main(int argc, char** argv) + + Assert_true(!Process_spawn(path, args, eb, alloc, NULL)); + +- Timeout_setTimeout(timeout, NULL, 2000, eb, alloc); ++ Timeout_setTimeout(timeout2, NULL, 160000, eb, alloc); + + EventBase_beginLoop(eb); + return 0; diff --git a/cjdns.spec b/cjdns.spec index 3bafa43..23d3c56 100644 --- a/cjdns.spec +++ b/cjdns.spec 
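Review bot: The failure message in notLinkedYet no longer matches the limit it reports on. The patched condition now waits `200000` ms, but the unchanged next line still emits `"Failed to link in 100 seconds"`, so a timeout on a slow builder will be logged with half the time that actually elapsed. Change that patch line to `Assert_failure("Failed to link in 200 seconds");`. In the Seccomp_test.c part, the new `timeout2` message `"time out 2"` does not say which side expired; something like `Assert_true(!"parent timed out waiting for child");` would make a failed sandbox test easier to triage from a build log.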
@@ -80,7 +80,7 @@ Name: cjdns # major version is cjdns protocol version: -Version: 20.5 +Version: 20.6 Release: 1%{?dist} Summary: The privacy-friendly network without borders # cjdns is all GPLv3 except libuv which is MIT and BSD and ISC @@ -192,6 +192,8 @@ Provides: bundled(nacl) = 20110221 %endif # build system requires nodejs, unfortunately ExclusiveArch: %{nodejs_arches} +# Seccomp_test is too slow on koji for this arch +ExcludeArch: armv7hl %description Cjdns implements an encrypted IPv6 network using public-key cryptography for @@ -334,7 +336,7 @@ sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js %endif %patch19 -p1 -b .fuzz #patch20 -p1 -b .sysctl -%patch22 -b .gcc10 +#patch22 -b .gcc10 cp %{SOURCE1} README_Fedora.md @@ -744,6 +746,16 @@ fi %{_bindir}/graphStats %changelog +* Mon Mar 16 2020 Stuart Gathman - 20.6-1 +- New upstream release + +* Mon Mar 16 2020 Stuart Gathman - 20.5-3 +- Rebuilt for Fedora 33 +- Minor doc updates + +* Tue Jan 28 2020 Fedora Release Engineering - 20.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Wed Jan 22 2020 Stuart Gathman - 20.5-1 - New upstream release diff --git a/sources b/sources index 57c705f..a1f0a31 100644 --- a/sources +++ b/sources @@ -1,3 +1,4 @@ SHA512 (cjdns-v20.4.tar.gz) = 5a6bd36b2edd07fa883efa4b14dd8a7ba0189bf43404e27ab6ae3b0c2f1e63ce738c52b34416f51f93c9752f6654ea95eac2c71897d2a1e19f4a6d1ca3bad46d SHA512 (python-cjdns-0.1.tar.gz) = f3b7c9afe6bc2f8b0b872cc7fbe9e997657ecf1cbb1f7e8e417099f1265541af919e965be2508a8613f3a2223020ac077473fe48c78f9553dda1a927364bb256 SHA512 (cjdns-v20.5.tar.gz) = 36ae20182b9e9601ae64630cb0fa96caccbe5279be48520ea8b457a15437da5c9b48a5ae5588bd76ef819efe696b5a582a906a50e4dbe7760bb96fa7d1d63ea3 +SHA512 (cjdns-v20.6.tar.gz) = 34057583f2215899b96f95cc60ba0532aff12834ad2c4b432a6752c811f60ed3d6d33ec82e039b159f090558020faf69c71b373ac33ca9e41b186be0b87c3332
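Review bot: The added `ExcludeArch: armv7hl` drops a whole architecture because of one slow test, and its comment carries no tracking reference. Fedora packaging practice is to back an ExcludeArch with a Bugzilla bug that blocks the architecture tracker and to cite it beside the tag, for example `# Seccomp_test times out on koji armv7hl builders, see rhbz#<BUG_ID>` (placeholder id). The comment should also say whether the test only runs out of time or whether the seccomp filter fails to install on that arch, because the second case is a sandbox defect rather than a builder-speed issue; the diff does not show which. The same commit raises the Seccomp_test timeouts in cjdns.fuzz.patch, so it is worth recording whether the exclusion is still needed with those values.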
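Review bot: Disabling the patch as `#patch22 -b .gcc10` leaves no record of why the gcc10 fix is no longer applied. Add a one-line comment above it, such as `# gcc10 fix is included upstream as of 20.6`, if that is the reason; the diff does not say. If a `Patch22:` declaration still exists outside this hunk, it should be removed or commented out as well so the SRPM does not ship an unused patch. The %prep section continues beyond the lines shown here.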